AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline

Deep Learning for humans

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

The fundamental package for scientific computing with Python.

💬 Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants

Impacket is a collection of Python classes for working with network protocols.

The Rogue Access Point Framework

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Custom Selenium Chromedriver | Zero-Config | Passes ALL bot mitigation systems (like Distil / Imperva/ Datadadome / CloudFlare IUAM)

Credentials recovery project

The recursive internet scanner for hackers. 🧡

Pure bash script to test and wait on the availability of a TCP host and port

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

HTTP parameter discovery suite.

Reverse engineering and pentesting for Android applications

Scanning APK file for URIs, endpoints & secrets.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Automated All-in-One OS Command Injection Exploitation Tool

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Domain name permutation engine for detecting homograph phishing attacks, typo squatting, and brand impersonation

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Windows Exploit Suggester - Next Generation

💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…

Cartography is a Python tool that pulls infrastructure assets and their relationships into a Neo4j graph database.